...

View Full Version : Encryption (RC4) - mangled text



Spudhead
05-27-2007, 10:38 AM
I'm trying to write an encrypted CSV file, using the RC4 encryption code from 4guysfromrolla (http://www.4guysfromrolla.com/webtech/010100-1.shtml).

When I decrypt the file, I get a whole bunch of... well, it looks like the text has only been partially decrypted, above my hex dump of the output. You can see my test page here (http://www.capsule01.co.uk/crypt/crypttest.asp) (it's screwing up the browser display so you have to look a little carefully to see where the "decrypted" text ends and the hex dump begins).

I can't see any pattern to it. My understanding of character encoding is minimal and I suspect that it's at the root of this, but if someone could take a look and attempt to explain to me just what's actually going on, I'd be enormously grateful.

The source for my test page is:


<!--#INCLUDE FILE="functions.asp"-->
<!--#INCLUDE FILE="rc4.asp"-->

<%
sSessionId = session.sessionID
iKeycode = "0"
sFormName = safeEscape("TEST_FORM")
sTitle = safeEscape("Mr")
sFName = safeEscape("Test")
sLName = safeEscape("Testsson")
sAdd1 = safeEscape("1 Any Street")
sTown = safeEscape("Mytown")
sCounty = safeEscape("Sadsville")
sPostcode = safeEscape("AB1 2CD")
sAmount = "10"
sDay = safeEscape("12")
sMethod = safeEscape("CC")
sCard_type = safeEscape("Switch")
sCard_name = safeEscape("MR T TESTSSON")
sCard_number = safeEscape("1234567812345678")
sVFM = "03"
sVFY = "2006"
sVTM = "02"
sVTY = "2009"
sIssue = "1"
sCVV = "123"

dim sData
sData = sSessionId & ",1," & iKeycode & vbCrLf
sData = sData & sSessionId & ",2," & sFormName & vbCrLf
sData = sData & sSessionId & ",10," & sTitle & vbCrLf
sData = sData & sSessionId & ",11," & sFName & vbCrLf
sData = sData & sSessionId & ",12," & sLName & vbCrLf
sData = sData & sSessionId & ",21," & sAdd1 & vbCrLf
sData = sData & sSessionId & ",22," & sTown & vbCrLf
sData = sData & sSessionId & ",23," & sCounty & vbCrLf
sData = sData & sSessionId & ",28," & sPostcode & vbCrLf
sData = sData & sSessionId & ",180," & sAmount & vbCrLf
sData = sData & sSessionId & ",190," & sDay & vbCrLf
sData = sData & sSessionId & ",194," & sMethod & vbCrLf
sData = sData & sSessionId & ",181," & sCard_type & vbCrLf
sData = sData & sSessionId & ",182," & sCard_name & vbCrLf
sData = sData & sSessionId & ",183," & sCard_number & vbCrLf
sData = sData & sSessionId & ",184," & sVFM & vbCrLf
sData = sData & sSessionId & ",185," & sVFY & vbCrLf
sData = sData & sSessionId & ",186," & sVTM & vbCrLf
sData = sData & sSessionId & ",187," & sVTY & vbCrLf
sData = sData & sSessionId & ",188," & sIssue & vbCrLf
sData = sData & sSessionId & ",189," & sCVV & vbCrLf
sData = sData & sSessionId & ",999"

response.write("<pre>" & sData & "</pre>" & vbCrLf & vbCrLf)



sub writeEncryptedFile(sText, sKey)
dim sRoot, sKeyFile, sFileName, sFilePath, sEncrypted
sRoot = server.mappath("\crypt")
sEncrypted = EnDeCrypt(sText,sKey)
sFileName = year(now()) & addLeadingZero(month(now())) & addLeadingZero(day(now())) & "_" & session.sessionID & ".csv"
sFilePath = sRoot & "\" & sFileName
dim oFSO, oTextFile
set oFSO = Server.CreateObject("Scripting.FileSystemObject")
set oTextFile = oFSO.CreateTextFile(sFilePath, false, false)
oTextFile.Write(sEncrypted)
oTextFile.Close
set oTextFile = nothing
end sub


sCryptFolder = server.mappath("/crypt")
sEncryptionKey = "thisistheencryptionkey"




writeEncryptedFile sData, sEncryptionKey


dim oFSO, oFldr, oFileText
set oFSO = server.createobject("Scripting.FileSystemObject")
set oFldr = oFSO.getFolder(sCryptFolder)

for each oFile in oFldr.files
sFileName = oFile.Name

if instr(sFileName,"asp")<1 then

response.write("Reading: " & sFileName & vbCrLf)

sFilePath = sCryptFolder & "\" & sFileName

set oFileText = oFSO.OpenTextFile(sFilePath, 1, false, 0)

sFileContents = oFileText.ReadAll

set oFileText = nothing

oFSO.DeleteFile sFilePath

sDecryptedContents = EnDeCrypt(sFileContents, sEncryptionKey)

response.write(sDecryptedContents & vbCrLf & vbCrLf)


for x = 1 to len(sDecryptedContents)
response.write right(string(2,"0") & hex(asc(mid(sDecryptedContents, x, 1))),2) & " "
if x mod 26 = 0 then response.write vbCRLF
next

end if

next

set oFldr = nothing
set oFSO = nothing



%>




(nb: "functions.asp" is a few utility functions I keep knocking about - like "safeEscape()", which tries to escape() a string and doesn't throw an error if it's empty, and "addLeadingZero()", which does exactly what it says on the tin. "rc4.asp" is the file copied wholesale from the 4guysfromrolla website, which you can see here (http://www.4guysfromrolla.com/webtech/code/rc4.inc.html)

Spudhead
05-30-2007, 10:43 AM
I guess that's a "no", then :(

Anyone recommend any of the commercial ASP encryption components? :D

Daemonspyre
05-30-2007, 03:24 PM
Hey Spuds--

It looks as though this is working correctly.

The parts that I think you are saying are "partially decrypted" is HTML's way of saying ' ' (space) and other characters. %20 = space

Try looking at your page's source and I think that you will find it's doing exactly as it's designed OR try doing a


response.write(replace(sDecryptedContents,"%20"," ") & vbCrLf & vbCrLf)

HTH!

Spudhead
05-30-2007, 04:46 PM
Ummm.

:o

In the 3 days since I posted this, it's fixed itself. I swear I haven't touched the file.

I'm not talking about the encoded characters (the spaces). The test data that's going in is encoded: the data that's coming out should also be encoded.

I was referring to.... it was writing weird characters - above ASCII code 127. And it was doing it bang in the middle of the decrypted text.

Now I'm REALLY confused. It was bad enough when I didn't know why it didn't work. Now I don't know why it works :(

Daemonspyre
05-30-2007, 04:57 PM
That is weird, as I don't see them in your test script at all.

Well, you can always chalk it up to -- If it works, don't touch it. :)

Here's a simple question though - You say you haven't touched the CSV file, but have you edited your functions.asp page, i.e. safeEscape() and addLeadingZero()?

What about adding (or removing) cStr or cInt?

Just some things to help jog the memory.

nb - sorry it took so long to get back to you. Haven't logged on in a couple of days...

keyboardface
07-16-2009, 08:50 PM
I had the same weird random encoding thing happening. For me, it was working correctly on some pages and on other pages, it was only partially decrypting it.

One solution someone pointed out is that it wasn't being encoded for HTML when you're testing it. That is easily overcome by using Server.HTMLEncode(), but that wasn't my problem.

Mine was that it would encrypt and decrypt it fine on one page, but when I went to a different page to decrypt it, it wouldn't work. Drove me crazy until I found that the only difference between the pages was the declaration at the top:

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>

The bug here was that one of the pages didn't have this declaration and the other did. Thus, the encoding and decoding were being done with different codepages.

Just make sure you're using the same codepage and it should give consistent results.

Best,
Tom



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum